- Thursday 03 May 2018
Any organisation preparing for General Data Protection Regulation (GDPR) would be on the right track to begin with a Gap Analysis. This exercise is a comprehensive audit of your entire organisation as well as any third party which handles or processes data on your behalf.
A Gap Analysis involves a detailed examination of where data is held in your organisation, who has access to it, an analysis on the vulnerability of the data you are holding and what measures could be put in place to protect the data and more. The process enables you to identify the scope of work you need to undertake to become compliant and schedule consultancy, staff training and improvements the organisation’s security be it lock and key, or encryption on all IT hardware and relevant software.
Now is the time to equip your organisation with a designated person responsible for Data Protection. This person needs to be armed with the authority and adequate budget to implement policies and procedures which make the organisation compliant with the new EU legislation which comes into effect on May 25th 2018. Ideally this candidate or external contractor will liaise with each department and initiate a comprehensive gap analysis tailored to the specific needs and demands of the departments function.
The resulting assessment needs to demonstrate how the internal practises of the organisation are adhering to the GDPR requirements.